Remote Code Execution Vulnerability in Node.js EJS Versions < 2.5.3

Remote Code Execution Vulnerability in Node.js EJS Versions < 2.5.3

CVE-2017-1000228 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function

Learn more about our Web Application Penetration Testing UK.